lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <BAY10-DAV20A2A39A1A0330BDD46E19D9450@phx.gbl>
Date: Tue Mar 29 19:02:59 2005
From: se_cur_ity at hotmail.com (Morning Wood)
Subject: E-Data

------------------------------------------------------------
       - EXPL-A-2005-003 exploitlabs.com Advisory 032 -
------------------------------------------------------------
                                 - E-Data -






OVERVIEW
========
E-Data 2.0 is a powerful e-mail directory and management application
that will enhance your web site by letting visitors add, change and
delete their personal information to a directory


AFFECTED PRODUCTS
=================
E-Data 2.0
http://www.adventia.com/


DETAILS
=======
E-Data has user supplied input fields in search and in the "add to
database" functions. By inputting a query keyword followed by XSS style
script, future users may search and find the keyword that contains the
malicious xss.
The XSS is of a persistant nature as it is stored in the applications
database.


SOLUTION
========
none
1st contact: March 16, 2005 ( no reply )



PROOF OF CONCEPT
================
The vendor has a demo site, PoC is in the database,
just goto the "demo url" and enter "qwerty" in search box
demo url: http://www.adventia.com/cgi-bin/dir.pl



CREDITS
=======
This vulnerability was discovered and researched by 
Donnie Werner of exploitlabs


web: http://exploitlabs.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ